Security Patch

Frederick_Law · May 5, 2021, 7:17pm

Patch your Dells NOW!
https://www.theverge.com/2021/5/4/22419474/dell-security-patch-kernel-level-permissions-firmware-update-driver-dbutil-sys

Dell has released a security patch that fixes a security vulnerability affecting many Dell computers going back to 2009, along with instructions on how to install it if your computer is affected (via threatpost). The vulnerability, found by security research firm SentinelLabs, is present in a driver used by Dell and Alienware’s firmware update utilities, and it allows an attacker to gain full kernel-level permissions in Windows.

Jaylin_Hochstetler · May 6, 2021, 5:58pm

Not much to be worried about. I said something to our IT guy, he looked into and came back with this.

image.png
Also it’s interesting that they are referencing 3rd party references.
NOT the dell website.
As seen in the code of the site.

Frederick_Law · May 10, 2021, 12:19pm

Did the patch on weekend.
It just look for the dll and delete it
And I didn’t have it.

Frederick_Law · May 11, 2021, 8:38pm

Not hardware, Adobe.
https://threatpost.com/adobe-zero-day-bug-acrobat-reader/166044/

A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.

Jaylin_Hochstetler · May 11, 2021, 8:56pm

You want some more things to be scared of?
image.png
image.png

Frederick_Law · May 11, 2021, 9:08pm

Nope, just keep my computer up to date.

Jaylin_Hochstetler · May 12, 2021, 10:42am

Yup, that’s the best way to avoid being attacked.

Frederick_Law · June 30, 2021, 2:27pm

I guess nobody here has a WD MyBook Live but if you do, take it off the internet:
https://www.theverge.com/2021/6/29/22555959/wd-my-book-live-second-exploit-authentication-factory-reset-without-password-root-control

zxys001 · June 30, 2021, 3:21pm

..the best fall back is to use the tried and true Schultz option.

Tom_G · July 2, 2021, 3:27pm

This may as well go here.

Ransomware. Hmm. That would suck. I’m not here to tell you how to run your business, but CISA is. They even want to help.

CISA’s CSET Tool Sets Sights on Ransomware Threat

CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks.

This analyzes your security and provides recommendations to improve an organization’s readiness.

Honestly, I have not run it. I’m leery of its results, i.e. just how bad is it? I will soon.

Tom_G · July 26, 2021, 3:50pm

The world is dangerous. The sky is falling. Here are 25 ways to ruin your day.
I offer no context, applicability, or summary to what is reasonably over my head. Derive your own sense from information.

2021 CWE Top 25 Most Dangerous Software Weaknesses

mattpeneguy · July 26, 2021, 3:58pm

Adobe has a security flaw?..That’s surprising!